๐จ CVE-2025-66546
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1.
๐@cveNotify
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1.
๐@cveNotify
GitHub
Merge pull request #7537 from nextcloud/fix/appointments/unify-ids ยท nextcloud/calendar@f41650c
fix(appointments): unify IDs
๐จ CVE-2025-66547
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1.
๐@cveNotify
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1.
๐@cveNotify
GitHub
Users can modify tags on files that do not belong to them
### Impact
Non-privileged users can modify tags on files they should not have access to via bulk tagging.
### Patches
It is recommended that the Nextcloud Server is upgraded to 31.0.1.
It...
Non-privileged users can modify tags on files they should not have access to via bulk tagging.
### Patches
It is recommended that the Nextcloud Server is upgraded to 31.0.1.
It...
๐จ CVE-2025-66556
Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2.
๐@cveNotify
Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2.
๐@cveNotify
GitHub
Participants were able to blindly delete poll drafts of other users by ID
### Impact
A participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID.
### Patches
It is recommended that th...
A participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID.
### Patches
It is recommended that th...
๐จ CVE-2025-66557
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This vulnerability is fixed in 1.14.6 and 1.15.2.
๐@cveNotify
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This vulnerability is fixed in 1.14.6 and 1.15.2.
๐@cveNotify
GitHub
Merge pull request #7131 from nextcloud/fix-board-acl-check ยท nextcloud/deck@f1da8b3
fix: acl check when delete, update board acl
๐จ CVE-2025-66558
Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an attack to take-away a 2FA webauthn device when correctly guessing a 80-128 character long random string of letters, numbers and symbols. The victim would then be prompted to register a new device on the next login. The attacker can not authenticate as the victim. This vulnerability is fixed in 1.4.2 and 2.4.1.
๐@cveNotify
Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an attack to take-away a 2FA webauthn device when correctly guessing a 80-128 character long random string of letters, numbers and symbols. The victim would then be prompted to register a new device on the next login. The attacker can not authenticate as the victim. This vulnerability is fixed in 1.4.2 and 2.4.1.
๐@cveNotify
GitHub
WebAuthn app was updated based on public key
### Impact
A missing ownership check allowed an attack to take-away a 2FA webauthn device when correctly guessing a 80-128 character long random string of letters, numbers and symbols. The victi...
A missing ownership check allowed an attack to take-away a 2FA webauthn device when correctly guessing a 80-128 character long random string of letters, numbers and symbols. The victi...
๐จ CVE-2025-66629
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.4, some of HedgeDoc's OAuth2 endpoints for social login providers such as Google, GitHub, GitLab, Facebook or Dropbox lack CSRF protection, since they don't send a state parameter and verify the response using this parameter. This vulnerability is fixed in 1.10.4.
๐@cveNotify
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.4, some of HedgeDoc's OAuth2 endpoints for social login providers such as Google, GitHub, GitLab, Facebook or Dropbox lack CSRF protection, since they don't send a state parameter and verify the response using this parameter. This vulnerability is fixed in 1.10.4.
๐@cveNotify
GitHub
fix(auth): add state parameters and PKCE support ยท hedgedoc/hedgedoc@35f36fc
Only the OAuth2 auth strategy was using the state parameter,
which should be used as described in the RFC. The other
auth strategies such as GitHub, GitLab or Google were lacking
the state paramete...
which should be used as described in the RFC. The other
auth strategies such as GitHub, GitLab or Google were lacking
the state paramete...
๐จ CVE-2025-14214
A vulnerability has been found in itsourcecode Student Information System 1.0. This affects an unknown part of the file /section_edit1.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
๐@cveNotify
A vulnerability has been found in itsourcecode Student Information System 1.0. This affects an unknown part of the file /section_edit1.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
๐@cveNotify
GitHub
itsourcecode Student Information System V1.0 SQL Injection Vulnerability ยท Issue #15 ยท ltranquility/CVE
itsourcecode Student Information System V1.0 SQL Injection Vulnerability NAME OF AFFECTED PRODUCT(S) Student Information System Vendor Homepage https://itsourcecode.com/free-projects/php-project/st...
๐จ CVE-2025-12917
A vulnerability was identified in TOZED ZLT T10 T10PLUS_3.04.15. The affected element is an unknown function of the file /reqproc/proc_post of the component Reboot Handler. Such manipulation leads to denial of service. Access to the local network is required for this attack to succeed. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A vulnerability was identified in TOZED ZLT T10 T10PLUS_3.04.15. The affected element is an unknown function of the file /reqproc/proc_post of the component Reboot Handler. Such manipulation leads to denial of service. Access to the local network is required for this attack to succeed. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
๐จ CVE-2025-47220
A file enumeration issue was found in Keyfactor SignServer versions prior to 7.3.2.
๐@cveNotify
A file enumeration issue was found in Keyfactor SignServer versions prior to 7.3.2.
๐@cveNotify
๐จ CVE-2025-47221
A file write issue was found in Keyfactor SignServer versions prior to 7.3.2.
๐@cveNotify
A file write issue was found in Keyfactor SignServer versions prior to 7.3.2.
๐@cveNotify
๐จ CVE-2025-47222
A class name enumeration issue was found in Keyfactor SignServer versions prior to 7.3.2.
๐@cveNotify
A class name enumeration issue was found in Keyfactor SignServer versions prior to 7.3.2.
๐@cveNotify
๐จ CVE-2025-65877
Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 (2025-09-22) is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentService#findPage. The parameter is concatenated directly into a dynamic SQL query without sanitization or prepared statements, enabling attackers to read sensitive data from the database.
๐@cveNotify
Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 (2025-09-22) is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentService#findPage. The parameter is concatenated directly into a dynamic SQL query without sanitization or prepared statements, enabling attackers to read sensitive data from the database.
๐@cveNotify
GitHub
The lvzhou CMS's /admin/content/data interface contains an SQL injection vulnerability. ยท Issue #1 ยท W000i/vuln
This vulnerability has been assigned CVE-2025-65877. Vulnerability Author Wu Xiaoran Vulnerability Description The 'title' parameter in the com.wanli.lvzhoucms.service.ContentService#findPa...
๐จ CVE-2025-66515
The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another userโs file into the โpending approvalโ without access to the file by using the numeric file id. This vulnerability is fixed in 1.3.1 and 2.5.0.
๐@cveNotify
The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another userโs file into the โpending approvalโ without access to the file by using the numeric file id. This vulnerability is fixed in 1.3.1 and 2.5.0.
๐@cveNotify
GitHub
Merge pull request #334 from nextcloud/file_check ยท nextcloud/approval@e30b56b
fix: file ownership
๐จ CVE-2025-14247
A vulnerability was determined in code-projects Simple Shopping Cart 1.0. This issue affects some unknown processing of the file /Admin/additems.php. Executing manipulation of the argument item_name can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
๐@cveNotify
A vulnerability was determined in code-projects Simple Shopping Cart 1.0. This issue affects some unknown processing of the file /Admin/additems.php. Executing manipulation of the argument item_name can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
๐@cveNotify
๐จ CVE-2025-14248
A vulnerability was identified in code-projects Simple Shopping Cart 1.0. Impacted is an unknown function of the file /adminlogin.php. The manipulation of the argument admin_username leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
๐@cveNotify
A vulnerability was identified in code-projects Simple Shopping Cart 1.0. Impacted is an unknown function of the file /adminlogin.php. The manipulation of the argument admin_username leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
๐@cveNotify
๐จ CVE-2025-14251
A security vulnerability has been detected in code-projects Online Ordering System 1.0. This affects an unknown function of the file /admin/ of the component Admin Login. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
๐@cveNotify
A security vulnerability has been detected in code-projects Online Ordering System 1.0. This affects an unknown function of the file /admin/ of the component Admin Login. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
๐@cveNotify
๐จ CVE-2025-65796
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos.
๐@cveNotify
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos.
๐@cveNotify
๐จ CVE-2025-65798
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users.
๐@cveNotify
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users.
๐@cveNotify
๐ฅ1
๐จ CVE-2022-37055
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main,
๐@cveNotify
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main,
๐@cveNotify
๐จ CVE-2025-46261
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting allows Stored XSS. This issue affects Seriously Simple Podcasting: from n/a through 3.9.0.
๐@cveNotify
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting allows Stored XSS. This issue affects Seriously Simple Podcasting: from n/a through 3.9.0.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Seriously Simple Podcasting Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2025-60319
PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint (AttachController.java).
๐@cveNotify
PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint (AttachController.java).
๐@cveNotify
GitHub
fix: issues 20 ยท PerfreeBlog/PerfreeBlog@103c791
PerfreeBlogๆฏไธๆฌพๅบไบjavaๅผๅ็ๅๅฎข/CMSๅปบ็ซๅนณๅฐ,ไธฐๅฏ็ไธป้ขๆฏๆๅๆฉๅฑๆไปถๅ่ฝ,็ปๆจๅธฆๆฅๅ
จๆฐ็ๅไฝไฝ้ช~ - fix: issues 20 ยท PerfreeBlog/PerfreeBlog@103c791
โค1